Move RA agent certificate file export to a different location

HTTPS connection to certificate server requires client authentication so we need a file with client certificate and private key prior to its first occurence which happens during migration of certificate profiles to LDAP. https://fedorahosted.org/freeipa/ticket/5695 https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Stanislav Laznicka <slaznick@redhat.com> 2017-01-02 17:00:00 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2017-03-01 09:43:41 +0000
commit: 2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f (patch)
tree: 965aba505982685332984c7edb71ea50463355f2 /ipaserver/install/server/upgrade.py
parent: dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18 (diff)
download: freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.gz
freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.xz
freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 90c2be26e..c7965c7c3 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -44,7 +44,6 @@ from ipaserver.install import schemaupdate
 from ipaserver.install import custodiainstance
 from ipaserver.install import sysupgrade
 from ipaserver.install import dnskeysyncinstance
-from ipaserver.install import krainstance
 from ipaserver.install import dogtaginstance
 from ipaserver.install import krbinstance
 from ipaserver.install import adtrustinstance
@@ -1403,12 +1402,13 @@ def fix_trust_flags():
     sysupgrade.set_upgrade_state('http', 'fix_trust_flags', True)
 
 
-def export_kra_agent_pem():
+def export_ra_agent_pem():
     root_logger.info('[Exporting KRA agent PEM file]')
 
+    # export_kra_agent_pem is the original name of this function
     sysupgrade.remove_upgrade_state('http', 'export_kra_agent_pem')
 
-    if os.path.exists(paths.KRA_AGENT_PEM):
+    if os.path.exists(paths.RA_AGENT_PEM):
         root_logger.info("KRA agent PEM file already exported")
         return
 
@@ -1416,7 +1416,7 @@ def export_kra_agent_pem():
         root_logger.info("KRA is not enabled")
         return
 
-    krainstance.export_kra_agent_pem()
+    dogtaginstance.export_ra_agent_pem()
     installutils.remove_file(paths.OLD_KRA_AGENT_PEM)
 
 
@@ -1663,7 +1663,7 @@ def upgrade_configuration():
     update_mod_nss_protocol(http)
     update_mod_nss_cipher_suite(http)
     fix_trust_flags()
-    export_kra_agent_pem()
+    export_ra_agent_pem()
     update_http_keytab(http)
     http.configure_gssproxy()
     http.start()
author	Stanislav Laznicka <slaznick@redhat.com>	2017-01-02 17:00:00 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2017-03-01 09:43:41 +0000
commit	2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f (patch)
tree	965aba505982685332984c7edb71ea50463355f2 /ipaserver/install/server/upgrade.py
parent	dfd560a190cb2ab13f34ed9e21c5fb5c6e793f18 (diff)
download	freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.gz freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.tar.xz freeipa-2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f.zip